[lxc-devel] [PATCH] Unshare user namespace as well
Mikhail Gusarov
dottedmag at dottedmag.net
Thu Apr 8 08:17:28 UTC 2010
Unshare user namespace to make sure setrlimit and other per-user limits are
accounted properly in containers
Signed-off-by: Mikhail Gusarov <dottedmag at dottedmag.net>
---
src/lxc/start.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 3b5023c..f1ae2fa 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -450,7 +450,7 @@ int lxc_spawn(const char *name, struct lxc_handler *handler, char *const argv[])
return -1;
}
- clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
+ clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER;
if (!lxc_list_empty(&handler->conf->network)) {
clone_flags |= CLONE_NEWNET;
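Review bot: CLONE_NEWUSER is added unconditionally in the clone_flags assignment, while CLONE_NEWNET in the context lines just below is only set when the container configuration asks for a network. On a kernel built without CONFIG_USER_NS, clone() rejects this flag with EINVAL, so every container start would fail with no fallback. Consider gating the flag the same way CLONE_NEWNET is gated (a configuration option, or a probe for kernel support that falls back to the previous flag set), and state the kernel requirement in the commit message.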
--
1.7.0